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DETAILED ACTION 
Allowable Subject Matter 

1 . Claims 59 and 62 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

2. The following is a statement of reasons for the indication of allowable subject 
matter: Claims 59 and 62 detail the limitations of their parent claims with the addition 
that the object instance is associated with a context by recording the name of the 
context in a header of the object instance, such that information in the header is 
inaccessible to the one or more program modules. The prior art of record precludes this 
by having each applet that executes in its respective execution context having complete 
control over its objects such that all information of the objects is accessible. The cited 
claims makes Applicant's invention more clearer wherein the objects are owned by the 
context, and not the applet that instantiated it. Therefore, the cited claims when claimed 
when rewritten would overcome the prior art of record. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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2. Claims 1 , 25, 26, 29-32, 35-38, 41 -58, 60, 61 , 63, and 64 are rejected under 35 
U.S.C. 103(a) as being unpatentable over "Java Card 2.0 Programming Concepts" by 
SUN. 

As to claim 1 , SUN teaches a small footprint device (java card / smart card) 
comprising: at least one processing element (virtual machine / operating system 
process) (pg. 3, Lifetime of the Virtual Machine) configured to execute groups of 
program modules (applets) in separate contexts (applet execution context) (pg. 7, 
"...applets are isolated from each other." Pg. 2, "Each applet is an independent entity 
with its own state and functionality."; pg. vii, "Applet execution context...), the program 
modules (applets) comprising zero or more sets of executable instructions (methods) 
and zero or more sets of data definitions (field contents) grouped as object definitions 
(classes) (pg. 7, Every object (class instance or array) on the card is owned by the 
applet which instantiated it... If an applet does not have sharing privileges for an object, 
any attempt to invoke an instance method or access the object's contents will throw a 
SecurityException."), each context (applet execution context) comprising a protected 
object instance space such that at least one of the object definitions (class) is 
instantiated (class instance) in associated with a particular context (via pg. 7, "...applets 
are isolated from each other." Pg. 2, "Each applet is an independent entity with its own 
state and functionality."; pg. vii, "The JCRE keeps track of the currently selected applet 
as well as the currently active applet and changing contexts accordingly."; pg. 10, "The 
main task of the install method within the applet is to create and initialize the objects 
that the applet will need during its lifetime and otherwise prepare itself to be selected 
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and accessed by a CAD."); instances of objects (objects instantiated by an applet) (pg. 
3, "Every object on the card is owned by the applet which instantiated it. The owning 
applet always has full privileges to use and modify the object."); and a context barrier 
(applet firewall) for separating and isolating the contexts (pg. 7, "To create a secure and 
trusted environment, applets are isolated from each other. An applet firewall prevents 
one applet from accessing the contents or behavior of objects owned by other 
applets."), the context barrier (applet firewall) configured for controlling execution of at 
least one instruction of one of the zero or more sets of instructions (object methods that 
can be invoked) comprised by a program module (owning applet) based at least in part 
of whether the at least one instruction is executed for an object instance (object) 
associated with a first one of the one or more separate contexts (object is part of the 
owning applet's execution context) and whether the at least one instruction is requesting 
access to an instance of an object definition (object / class instance) associated with a 
second one of the said one or more separate contexts (former applet execution context) 
(via the JCRE, pg. vii, "The JCRE keeps track of the currently selected applet as well as 
the currently active applet... When a virtual method is invoked on an object, the applet 
execution context is changed to correspond to the applet that owns that object. When 
that method returns, the previous context is restored... The applet execution context and 
sharing status of an object together determine if access to an object is permissible."; pg. 
7, "The applet firewall ensures that no other applet may use, access, or modify the 
contents of an object owned by another applet ..but the applet cannot invoke methods 
on the object or get or set its contents."), the context barrier further configured to 
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prevent the access if the access is unauthorized (pg. 7, "If an applet does not have 
sharing privileges for an object, any attempt to invoke an instance method or access the 
object's contents will throw a SecurityException...") and enable the access if the access 
is authorized (via Unrestricted Sharing or Restricted Sharing) (pg. 8); and a global data 
structure (JCRE) for permitting one program module (applet) to access information from 
another program module (applet) by bypassing the context barrier (applet firewall) (pg. 
7-8, "However, it is necessary to allow exceptions to this restriction. The JCRE must be 
able to invoke methods on applets..."; pg. 2, "However, Java Card provides... form of a 
firewall between applets."). However, SUN does not explicitly mention that the device 
has memory and that the memory comprises the objects. It is well known to one of 
ordinary skill in the art that a device has memory and therefore obvious that the device 
would have memory in order to create the objects and applets. 

As to claim 60, SUN teaches the storing object header data (applet identifier), the 
object header data (applet identifier) comprising information associated with at least one 
of the instances of objects (via its associated applet); and the controlling execution is 
based at least in part on the object header data (applet identifier) (pg. 10, "The main 
task of the install method within the applet is to create and initialize the objects that the 
applet will need during its lifetime and otherwise prepare itself to be selected and 
accessed by a CAD.... Typically an applet will create various objects, initialize them with 
predefined values, set some internal state variables, and call the Applet.register method 
to inform the JCRE that the applet is available for selection. "Selection occurs when the 
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JCRE receives a SELECT APDU in which the name data matches the AID of the applet. 
Selection causes an applet to become active, and the applet execution context is 
adjusted so that only objects belonging to this applet can be accessed."). It is inherent 
to the teachings of SUN that the object header data is stored in memory since the JCRE 
must match a received APDU to every AID corresponding to the registered applets. 

As to claim 61 , SUN teaches the memory is partitioned into a plurality of memory 
spaces (execution contexts) with instances of objects (objects) allocated for storage in 
one of the plurality of storage spaces (execution contexts); and the controlling execution 
is based at least in part on determining the storage space allocated to an executing 
object instance (execution context) and an accessed object instance (object) (via JCRE, 
pg. 10, "Selection occurs when the JCRE receives a SELECT APDU in which the name 
data matches the AID of the applet. Selection causes an applet to become active, and 
the applet execution context is adjusted so that only objects belonging to this applet can 
be accessed."; pg. vii, "The JCRE keeps track of the currently selected applet as well as 
the currently active applet... When a virtual method is invoked on an object, the applet 
execution context is changed to correspond to the applet that owns that object. When 
that method returns, the previous context is restored."). 

As to claims 37, 63, and 64, reference is made to a method that corresponds to 
the device of claims 1, 60, and 61 and is therefore met by the rejection of claims 1, 60, 
and 61 above. However, claim 37 further details the device includes a processing 
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machine wherein the program modules are executed on. It is obvious that the 
processing element (virtual machine) of claim 1 is the processing machine of claim 37. 

As to claims 52 and 53, reference is made to a computer program product that 
corresponds to the device of claim 1 and is therefore met by the rejection of claim 1 
above. 

As to claims 54 and 55, refer to claims 52 and 53 for rejection. However, claim 
54 further details separating a plurality of programs on a small footprint device. SUN 
teaches separating a plurality of programs (applets) on a small footprint device (pg. 2, 
"However, Java Card provides facilities to support more sophisticated scenarios in 
which multiple applets can discover each other, communicate, and share data in a 
limited manner, while still maintaining protection from each other in the form of a firewall 
between applets."). 

As to claim 56, reference is made to a computer wave that corresponds to the 
device of claim 1 and is therefore met by the rejection of claim 1 above. 

As to claim 57, refer to claim 56 for rejection. However, claim 57 further details 
separating a plurality of programs on a small footprint device. SUN teaches separating 
a plurality of programs (applets) on a small footprint device (pg. 2, "However, Java Card 
provides facilities to support more sophisticated scenarios in which multiple applets can 
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discover each other, communicate, and share data in a limited manner, while still 
maintaining protection from each other in the form of a firewall between applets."). 

As to claim 58, refer to claim 1 for rejection. However, claim 58 further details 
the shipping of a code over a network from a server wherein the code is instructions for 
separating a plurality of programs on a small footprint device. It is obvious that the 
firewall has program code in order to function on the java card system. However, SUN 
does not teach that the code is sent over a communications link. It is well known to one 
of ordinary skill in the art that computer code is downloaded from a developer system or 
server system to an implementation system or client system. Therefore, it is obvious to 
one skilled in the art at the time of the invention that the carrier wave code of the firewall 
is shipped or downloaded from a server system to a client system to be implemented. 

As to claims 25 and 26, SUN teaches the processing element is a virtual 
machine on a card system (virtual machine) (pg. 3, Lifetime of the Virtual Machine). 
However, SUN does not teach that the virtual machine runs on a processor or an 
operating system. It is well known to a person of ordinary skill in the art that a virtual 
machine runs on a processor or an operating system and therefore obvious that the 
virtual machine of Sun runs on a processor or an operating system. 

As to claims 29 and 30, SUN teaches that each applet has its own context 
(Applet execution context) (pg. vii, Terminology). It is well known to a person of 
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ordinary skill in the art that an execution context has a memory space or name space. 
Therefore, it is obvious that the applets have their separate memory spaces or name 
spaces for each applets execution. 

As to claim 31 , SUN teaches the program modules are a plurality of applets (pg. 
2, Applet Design Concepts). 

As to claim 32, SUN teaches the context barrier (applet firewall) prevents access 
from a principle (applet) in one context to an object in a different context (applet) (pg. 7, 
Applet Isolation and Object Sharing, "An applet firewall prevent one applet from 
accessing the contents or behavior of objects owned by other applets."; pg. 2, Multiple 
Applets, "However, Java Card provides... in which multiple applets can discover each 
other, communicate, and share data in a limited manner, while still maintaining 
protection from each other in the form of a firewall between applets."). It is obvious to 
one skilled in the art at the time of the invention that since the context barrier prevents 
object access to an applet not owning the objects (pg. 7) that the context barrier 
enforces a security check on the applet accessing of the object. 

As to claims 35, 36, 41-43, It is obvious that since the context barrier prevents 
object access to an applet not owning the objects (pg. 7) that the context barrier 
enforces a security check of the principle accessing the object. Also, It is obvious since 
the firewall only allows the owning applet to access its objects (pg. 7, The owning applet 
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always has full privileges to use and modify the object.), that the check must involve 
whether the applet and object are part of the same execution context, i.e. same name 
space or memory space agreement. 

As to claim 38, SUN teaches small footprint device (Java Card) implements a 
virtual machine (Java virtual machine) (pg. 3, Lifetime of the Virtual Machine). It is 
obvious to one skilled in the art at the time of the invention that since the context barrier 
(applet firewall) runs on the system having a virtual machine that it is implemented using 
a virtual machine. 

As to claims 44-51 , SUN teaches that an applet is allowed access to another 
applet and its objects through the applet firewall (exceptions to this restriction) when 
they are not part of the same context if the principa I is authorized to perform the action, 
via the JRCE (pg. 7-8, Applet Isolation and Object Sharing) wherein the principal applet 
context switches to the recipient applet to invoke the method. It would be obvious that 
the applet performs a security check to determine the execution context. It is also 
obvious that the receiving applet invokes another applet for its objects. 

Response to Arguments 

3. Applicant's arguments filed 1/2/04 have been fully considered but they are not 
persuasive. Applicant argues that in Sun reference does not teach the cited 
amendments to the claims. The examiner disagrees and refers to the rejection in 
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illustrating his point. Applicant then argues that the invention describes objects as being 
owned by a context. Specifically as defined in claim 1 , "each context comprising a 
protected object instance space such that at least one of the object definitions is 
instantiated in associated with a particular context". However, the passage only details 
that each context comprises a protected object instance space and that the object 
definitions are instantiated in an associated particular context. Sun teaches that each 
applet executes in an applet execution context, the applet creates its own objects, and 
the applet firewall protects one applet from another. Therefore, the applet execution 
context is a protected object space for an applet to create objects. Only dependent 
claims 59 and 62 detail that a context is associated with an object such that the program 
module has no control over which object it controls access to. These claims seem to 
depict what Applicant is centrally arguing to overcome the reference of Sun and as 
detailed by the Examiner above would make the invention allowable. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Lewis A. Bullock, Jr. whose telephone number is (703) 
305-0439. The examiner can normally be reached on Monday-Friday, 8:30 am - 5:00 
pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng An can be reached on (703) 305-9678. The fax phone number for 
the organization where this application or proceeding is assigned is (703) 872-9306. 
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Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
0286. 
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